General

  • Target

    da5a7534f808b7bedb2ca49d8be9b151494ce0a900d29b527305f2fb26397e87

  • Size

    172KB

  • Sample

    221029-y1yybsdde8

  • MD5

    85136f2eb3093a6b2674294369d6e680

  • SHA1

    2eeae5192df29a04bf974915b03553e68112b5e9

  • SHA256

    da5a7534f808b7bedb2ca49d8be9b151494ce0a900d29b527305f2fb26397e87

  • SHA512

    c2caa7933156e48a85b3c10aefcb081735b808af5dc88b7452750b8dbf8502767bc2d296d81705d24ce8793ee9f763ef74db0f69dda57006f7193f6e0ae8d0b0

  • SSDEEP

    3072:riv3ZKdMPSo6INJkLld5PmcMTlUvXSzrpuUODDrC:riQ+7nnkRCNTjzrTOve

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks